Project Procedures for Data Handling and Management

The We Can Work It Out project will ensure that all staff
and project members will uphold the principle of confidentiality in line with data
protection legislation. This is covered by all project partner Data Protection
Policies, and includes guaranteeing that all clients’ information will be:

Fairly and lawfully processed in a transparent
manner

Obtained and processed for specified purposes

Adequate, relevant and not excessive for
purposes required

Accurate and, where necessary, kept up to date

Kept for no longer than necessary

Processed in line with the rights of the
individual

Kept secure

Not transferred to countries outside the
European Economic Area unless there is adequate protection for the information.

Project-Specific Ways
of Working:

Data collection:

Project staff will use the KoBo Collect
application on their phones to register the personal information of any
individuals or families that are interested in the project. Information
collected includes: full name, email address, phone number, area of Cardiff
they live in, family size, preferred contact means, and consent to store
information for project use only and share with project team.

Individuals will be accurately informed of what
their personal data will be used for, and this should inform their consent.

New entries can be submitted if personal data
changes, in order to ensure that data is accurate.

Paper copies of personal data will be kept to an
absolute minimum. Where at all possible paper copies will be replaced by
electronic copies, with the paper copy disposed of as soon as possible. If
paper copies are necessary as part of project implementation then they will be
stored in locked storage space.

Data storage and
access:

Personal information and other project-related
electronic data shall not be stored or accessed on any equipment other than
that approved for project use. This includes mobile phones and computers. All
equipment should be password protected.

Information collected via KoBo is stored on a
protected server, which only the Project Manager and Administrator have access
to.

An excel database may be created with relevant
contact information of individuals and families involved in the project. This
document is to be password protected, and the password known only by project
staff who require access to the information for the successful implementation
of the project.

Project group
communications:

If contacting a group of individuals via email
then ‘blind copy’ (bcc) should be used unless consent has been explicitly
obtained from all individuals approving sharing of their email address with the
group.

The same principle applies for Whatsapp groups
or other group messaging.

Rights and
responsibilities:

Individuals have the right to ask what data is
being held about them at any point in the project process.

Individuals have the right to ask for their data
to be deleted. The project team will respect any request for deletion of
personal data and action any request swiftly.

The Project Manager has overall responsibility
for data protection procedures related to the project, and will be a focal
point for all queries regarding data protection and processing of personal
data.

The Project Manager will seek external expertise
for any query beyond the scope of their knowledge and will seek to ensure
compliance with all relevant data protection laws.

All staff members have an obligation to report
data protection breaches or contact the Project Manager if they have concerns
of such a breach. This will allow the appropriate personnel to investigate
further and take the appropriate steps to fix the issue in a timely manner.

Personal data will not be shared with any
third-party organisation or individual. In the case of any referral, this will
be discussed with the individual or family and their data shared with the
referral organisation only if requested by the individual or family themselves.